Someone have problems with SNAT? SNAT ( Hide NAT ) from LAN to Internet.
After PPP interface is reconnected and received new / different IPv4 address, the UTMv9 is still using the old IPv4 address for old sessions ( verification using tcpdump ).
Sometimes it resolves by it self ... and sometimes after restart ...
It's sporadic and I was unable to understand why it's happening.
When there is a problem, new sessions are working and SNAT is using new IPv4.
In version 9.705-3 and before worked flawlessly with the same configuration.
Is there a way to clear NAT cache?
* Unable to open a case. I'm using free UTMv9 for personal testing purposes as VM ( although license specifies that I should be able to open a case ... but it seems that this option lost in Sophos on the way ... ).
Assuming that "ISP Partner Fiber" is your external interface connected to your ISP, that should work. UTM "culture" is to also select 'Automatic Firewall rule'.
Instead of using…
Shalom Alexey and welcome to the UTM Community!
Please insert a picture of the Edit of your SNAT.
Cheers - Bob
Thank You for the reply.
My SNAT conf:
Wouldn't your Internet IPv4 instead be using the External (WAN) (Address) interface?
UTM - 9.707 | Intel i3-4150 4th Gen Processor 16GB Memory | 500GB SATA HDD | GB Ethernet x5
Instead of using an SNAT, the "standard" way to do this in UTM is with a Masquerading rule:
Yep ... ppp0 interface should use new ISP IPv4 ... but it using old IPv4 ... or ... in rear occasions doesn't use SNAT and traffic goes out with private IP address.
ICMP to 18.104.22.168 is using "old" IPv4 22.214.171.124 ... obviously has no ICMP Replies.
Using new IPv4 126.96.36.199, is working and there are ICMP replies ( UTM changed it by itself ... no intervention from my part ).
At the same time ppp0 interface and object "ISP Partner Fiber (Address) display correct IPv4 address: 188.8.131.52.
So ... it's definitely a BUG.
hi, thank You for the feedback.
I will try to change to Masquerading rule, instead of SNAT ... as I don't care if it's a BUG and Sophos doesn't want to fix it ... I just need that my environment will function.
Hi, the same thing with Masquerading rule ... already reverted to 9.705-3 ... going to try even lower firmware version ...
Good luck with that. This sounds more like a broken config - it's rare, but that can happen when applying an Up2Date. Try restoring a backup made before you applied the last Up2Dates.